Presentation is loading. Please wait.

Presentation is loading. Please wait.

HHS Webinar Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of.

Similar presentations

Presentation on theme: "HHS Webinar Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of."— Presentation transcript:

1 HHS Webinar Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of Energy Assistance Programs State of Minnesota 1 March 10, 2011

2 2 Presentation Intentions  To introduce how internal controls are a means of being more effective, efficient, and address integrity concerns  Promote LIHEAP adoption of Internal Controls Framework (ICF) as a means to improvement and mitigate program risk by  Explaining “why” internal controls?  Describing “what” ICF is  Showing examples of “how” Minnesota did it

3 3 Why Internal Controls?  All funds need good controls  Being good stewards of taxpayer’s funds  Minnesota Office of Legislative Auditor (OLA) – Three years of “No Findings” for EAP  OLA is requiring the development of an Internal Control Framework  National movement toward Internal Controls (aka COSO) including from the GAO Why ICF

4 4 Pennsylvania

5 5 Internal Controls?  GAO (Government Accounting Office)  HHS efforts (this webinar, National Conferences, other)  The Committee of Sponsoring Organizations (COSO)  State or Local requirements Why ICF

6 6 Minnesota Office of the Legislative Auditor Audit Issues  Significant weaknesses in common internal control concepts. Opportunities for fraud Common areas of noncompliance  Emerging Issue – Internal Control Maturity Assessing how well an agency identifies its risks, whether it documents and assigns its control procedures, and how it monitors the performance and effectiveness of the procedures. Why ICF

7 7 Tone at the Top Agency management has the primary responsibility to design, implement, and maintain an effective internal control system. This goes from:  Governor  Commissioner  Deputy Commissioner  Program Director  Service Provider Executive Directors  EAP Coordinator Why ICF

8 8 Tone at the Top (continued) Management shapes an organization's guiding values, disciplined business conduct, and operating policies forming the foundation of an agency's internal control structure. Why ICF

9 9 State Directive  Internal control procedures over financial management activities,  An analysis of relevant risks,  Periodic evaluation of these control procedures Agency head must develop a plan for establishing, implementing and maintaining an effective internal control system. This plan at a minimum requires documentation of: To satisfy management that these procedures are adequately designed, properly implemented, and functioning effectively. Why ICF

10 10 EAP & ICF  Why does EAP have a ICF? MN OLA required EAP to have or have a Audit finding EAP took the “opportunity” to analyze and assess it’s existing business processes & controls & placed into ICF framework  What does existing program components, effort definitions, implementation plans and policies mean? Asked how existing documents equated to internal controls Incorporated existing documents into the ICF Organized structure identified strengths and weaknesses ICF is a evolving, living document EAP will be advancing in the coming year and maintain going forward Why ICF

11 11 Internal Control Framework (ICF)  What is ICF?  How does it affect EAP? What is ICF

12 12 What is ICF? The Framework is used assess the Internal Control Competency to determine how well an organization:  Identifies its risks  Whether it documents and assigns its control procedures, and  How it monitors the performance and effectiveness of the procedures What is ICF

13 13 Internal Controls  Some pieces most likely already exist in your office and program operations (incrementally without regard to ICF)  ICF provided the framework allowing these pieces to fit together  You can (and should) incorporate ICF into any Local Plans, staff meetings, any training, and specially all aspects of monitoring What is ICF

14 14 ICF outlines criteria EAP uses to: Frames State Office Operations  Management approach Determine competent Service Providers  Contract with Local Plans that include ICF Monitor and evaluate program performance  Field Monitoring, Routine review, Ad Hoc Review Build the competency of the SPs  Training, Support, Corrective Action and T&TA What is ICF

15 15 Frames within Framework (ICF)  Federal & State Controls Rules and fiscal practices GAO, HHS, OLA, MMB  Department of Commerce Mission & Fiscal Control  EAP State Office Program Policy & Procedure Requirement Risk and quality controls Fiscal allocation and auditing Monitoring T&TA  EAP Service Providers Execute Program mission Implementation of policies and procedures with a quality control environment Manage SP specific risks What is ICF

16 16 Internal Control Definition Defines internal control as a process, effected by individuals within an organization, designed to provide reasonable assurance regarding the achievement of these objectives : 1. Effectiveness and efficiency of operations, 2. Reliability of financial reporting, and 3. Compliance with applicable laws & regulations What is ICF

17 17 ICF Structure 1.Control Environment 2.Risk Assessment & Management 3.Control Activities 4.Information & Communication 5.Monitoring The three objectives are supported by the framework. The Framework, is comprised of five interrelated components that can react dynamically to changing conditions: What is ICF

18 18 EAP Specific Control Examples 1. Environment (or Leadership or Tone at the Top) Ex: EAP Service Provider’s (SP) leadership supports mission, structure and staffing to effectively process EAP Applications and delivers energy assistance 2. Risk Assessment and Management Ex: SP has and is aware of Disaster Plan so in case of flood or fire the harm to households reduce. 3. Control Activities Ex: SP understands, collects & maintains income documentation as a control the services reach the intended households. SP has proper segregation of duties for payment certification 4. Information and Communication Ex: SP makes policy & procedural Information is available to agency fiscal staff, mechanical contractors, vendors etc. to enable the program mission and controls to be consistently performed 5. Monitoring Ex: SP monitors timeliness of application processing and improves processes when possible What is ICF

19 19 1. Control Environment  “Tone at the top" is set & demonstrated by an organization leader's actions & words  It is the foundation for all other components of internal control. It encompasses: Integrity, ethical values & competence of all people in an organization Management's philosophy & style How management assigns authority, responsibility and organizes and develops its people The attention & direction executive leadership provides What is ICF

20 20 ICF Implementations 1. Control Environment  Local Plan, contracts establish documented understanding of ICF competencies  SP connects Business Strategy Model (BSM) & SP Mission  EAP Manual is use to guide SP policy and procedures development  SP participates in EAP management methodology Understands and adopts administrative policies and procedures documentation  Service Providers participates in EAP training and trains staff to: Promotes program compliance and consistency Shares common mission, intention, goals, values and approach to program delivery Assure policies are understood How ICF

21 21 2. Risk Management  Involves the identification and analysis of relevant risks to achieve desired objectives  In the risk assessment process, management identifies: Internal and external risks Assesses the impact and the likelihood these risks might occur Selects whether to avoid, reduce, share, or accept various risks Considers controls to mitigate risk or to contain it to an acceptable level How ICF

22 22 ICF Implementations 2. Risk Management (Risk assessment & Mitigation)  SP conduct risk assessment & mitigation activities  State and SP conduct oversight activities including: Data, file and other checks Data & Technology practices  SP make a maintain disaster plans  SP designs processes with proper segregation of duty in key areas  SP uses incident reporting process  SP uses error & fraud processes How ICF

23 23 3. Control Activities  Consists of policies & procedures to help ensure management directives are carried out  Control activities occur throughout the organization at all levels in all functions. How ICF

24 24 ICF Implementations 3. Control Environment  SP processes have approvals & authorizations for benefit determination & payments Separation of incompatible duties  SP conducts analytical procedures like quality controls including timely service  SP conduct and support verifications like: Income eligibility and documentation vendor registration & sound payment process Household check points: – Benefit notification to assure accountability of service delivery – Appeals and compliant process  SP conducts reconciliations of funds  Reviews of operating performance  SP assures security of assets How ICF

25 25 4. Information & Communication  Addresses how an organization identifies, captures & communicates pertinent information in a timely manner to the right people to enable them to carry out their responsibilities  Information systems within the organization are key to this element of internal control  Internal information, and external events, activities & conditions must be communicated to enable management to make informed business decisions and employees to perform their assigned duties How ICF

26 26 ICF Implementations 4. Communication & Information  SP has communication plan for dissemination of program information  SP has routines like meetings to inform staff and partners  SP conducts appropriate and effective outreach  SP retains information overtime  SP is up to date with routine EAP communication How ICF

27 27 5. Monitoring  Are activities to evaluate whether components of the internal control system are operating effectively  Is performed by management and supervisors sometimes with internal auditors on a continuous or periodic basis  Includes identified internal control deficiencies being reported to top management and remedied in a timely manner with appropriate corrective actions  Is periodic follow-up on corrective actions taken to ensure control weaknesses are strengthened and no longer exist How ICF

28 28 ICF Implementations 5. Monitoring  SP and DOC conduct routine oversight and monitoring designed to facilitate: Staff review of data for quality and performance controls Review financial transactions  Onsite Monitoring including State Monitors Formal and observational assessment including random file selection Fiscal and audit requirements  DOC is working with the Minnesota Office of the Legislative Auditor (OLA) and implementing recommendations and suggestions and SPs will help develop and implement improvements How ICF

29 29 Our Responsibility  Advance our understanding ICF  Understand how existing EAP controls fit ICF  Continue to implement new ICF activities  Strengthening controls when weaknesses are detected  Providing adequate supervision necessary to ensure internal controls are operating effectively as designed  Obtain information & training on internal controls for ourselves and staff, necessary to meaningfully take responsibility for internal controls  FFY2010 EAP Manual Chapters 1 & 3 have ICF integration How ICF

30 30 Q & A

Download ppt "HHS Webinar Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of."

Similar presentations

Ads by Google